soumyo/aws_iam_ssh_public_key #695

Merged
merged 16 commits into from
Nov 9, 2021

@soumyo13 soumyo13 commented Oct 19, 2021

Signed-off-by: Soumyodeep Karmakar soumyo.k13@gmail.com

Description

This resource pack contains the singular and plural resource. No Terraform available.

Issues Resolved

#689

Check List

Please fill box or appropriate ([x]) or mark N/A.

Signed-off-by: Soumyodeep Karmakar <soumyo.k13@gmail.com>
Signed-off-by: Soumyodeep Karmakar <soumyo.k13@gmail.com>

@Nirbhay1997 Nirbhay1997 left a comment

LGTM

jb897 commented Oct 20, 2021

Is there a resource available to get the ssh_public_key_id connected to the iam_ssh_public_key, in order to iterate through keys and check the properties? It seems like there would need to be a plural resource of aws_iam_ssh_public_key to iterate through all keys on the account.

jb897 commented Oct 20, 2021

As in a public resource for aws_iam_public_ssh_key, which uses the method linked here (https://docs.aws.amazon.com/sdk-for-ruby/v2/api/Aws/IAM/Client.html#list_ssh_public_keys-instance_method) in order to list all keys associated with a user, which can then be iterated over

Signed-off-by: Soumyodeep Karmakar <soumyo.k13@gmail.com>
@soumyo13 (Contributor Author)

> Is there a resource available to get the ssh_public_key_id connected to the iam_ssh_public_key, in order to iterate through keys and check the properties? It seems like there would need to be a plural resource of aws_iam_ssh_public_key to iterate through all keys on the account.

I have added the plural resource.

dkumaras commented Oct 21, 2021

@Nirbhay1997 , @soumyo13 : The 'aws_iam_ssh_public_keys.md' file is not available in the said branch. Kindly advise how to proceed.

@dkumaras dkumaras self-assigned this Oct 21, 2021
Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>
Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>
Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>
@soumyo13 (Contributor Author)

> @Nirbhay1997 , @soumyo13 : The 'aws_iam_ssh_public_keys.md' file is not available in the said branch. Kindly advise how to proceed.

I am able to see the file.

Link: https://github.com/inspec/inspec-aws/blob/487e98847a6df32d895906715856f19e81714403/docs/resources/aws_iam_ssh_public_keys.md

@dkumaras (Contributor)

> @Nirbhay1997 , @soumyo13 : The 'aws_iam_ssh_public_keys.md' file is not available in the said branch. Kindly advise how to proceed.

It's available now. Reviewed it.

@soumyo13 (Contributor Author)

> > @Nirbhay1997 , @soumyo13 : The 'aws_iam_ssh_public_keys.md' file is not available in the said branch. Kindly advise how to proceed.
>
> It's available now. Reviewed it.

Thanks.

Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>
jb897 commented Oct 21, 2021

Hi, there is an issue in the plural resource file. Since there is no username specified in the username field for the API call, according to the AWS documentation "the UserName field is determined implicitly based on the AWS access key used to sign the request."
This is causing errors, as we are unable to iterate through all of the keys that are stored on the account. As seen in the screenshots below, when testing the plural resource, I am getting a failure of no keys existing, however when checking for the existence of an individual key I have created, it is shown as existing and passing the test. I believe the plural resource needs to have a parameter for the username for the IAM user to list SSH public keys for.
Screen Shot 2021-10-21 at 3 33 27 PM
Screen Shot 2021-10-21 at 3 32 53 PM

@soumyo13 (Contributor Author)

> Hi, there is an issue in the plural resource file. Since there is no username specified in the username field for the API call, according to the AWS documentation "the UserName field is determined implicitly based on the AWS access key used to sign the request." This is causing errors, as we are unable to iterate through all of the keys that are stored on the account. As seen in the screenshots below, when testing the plural resource, I am getting a failure of no keys existing, however when checking for the existence of an individual key I have created, it is shown as existing and passing the test. I believe the plural resource needs to have a parameter for the username for the IAM user to list SSH public keys for.

The plural resource uses the API "list_ssh_public_keys" which does not have a required parameter "user_name". So the attribute "user_name" is not mandatory. Even I have tested the same and it worked fine for me.

Link to the API: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#list_ssh_public_keys-instance_method

@jb897 We can provide the "user_name" attribute as a required parameter. Please let me know.

jb897 commented Oct 22, 2021

> The plural resource uses the API "list_ssh_public_keys" which does not have a required parameter "user_name". So the attribute "user_name" is not mandatory. Even I have tested the same and it worked fine for me.
>
> Link to the API: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#list_ssh_public_keys-instance_method
>
> @jb897 We can provide the "user_name" attribute as a required parameter. Please let me know.

Thank you so much for understanding. I would greatly appreciate adding in user_name as a required parameter or as an optional parameter, since it is not required for the API. Whatever is best in your opinion.

@soumyo13 (Contributor Author)

> > The plural resource uses the API "list_ssh_public_keys" which does not have a required parameter "user_name". So the attribute "user_name" is not mandatory. Even I have tested the same and it worked fine for me.
> >
> > Link to the API: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#list_ssh_public_keys-instance_method
> >
> > @jb897 We can provide the "user_name" attribute as a required parameter. Please let me know.
>
> Thank you so much for understanding. I would greatly appreciate adding in user_name as a required parameter or as an optional parameter, since it is not required for the API. Whatever is best in your opinion.

Great. We will do that.

Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>
Signed-off-by: Soumyodeep Karmakar <soumyo.k13@gmail.com>
@ppradhan9 (Contributor)

removed documentation label as plural resource changes are yet to be done.

Signed-off-by: Soumyodeep Karmakar <soumyo.k13@gmail.com>
@soumyo13 soumyo13 left a comment

@dkumaras Please review it again.

soumyo13 commented Nov 5, 2021

@jb897 -> I have added the plural resource. I made the "user_name" the optional parameter. If the user wants to pass the username, he/she can pass it. Just done according to his need. Please check the documentation for more information.
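
The behaviour discussed in this thread, as an added Ruby example that is not code from this PR or from inspec-aws: calling `list_ssh_public_keys` without `user_name` returns only the signing identity's keys, so an account-wide check has to list users and query each one, following `is_truncated`/`marker`. `FakeIam`, the helper names and the key IDs are constructed for illustration; the fake only mimics the response fields of the two `Aws::IAM::Client` calls it stands in for.

```ruby
# Constructed stand-ins for the Aws::IAM::Client response shapes (not the real SDK).
User     = Struct.new(:user_name)
Key      = Struct.new(:user_name, :ssh_public_key_id, :status, :upload_date)
UserResp = Struct.new(:users, :is_truncated, :marker)
KeyResp  = Struct.new(:ssh_public_keys, :is_truncated, :marker)

class FakeIam
  def initialize(caller_name, keys)
    @caller_name, @keys = caller_name, keys
  end
  def list_users(marker: nil)
    UserResp.new(@keys.map(&:user_name).uniq.map { |n| User.new(n) }, false, nil)
  end
  # As in the real API, an omitted user_name means the signing identity.
  def list_ssh_public_keys(user_name: nil, marker: nil)
    mine = @keys.select { |k| k.user_name == (user_name || @caller_name) }
    start = marker.to_i # one key per page, so the marker handling is exercised
    more = start + 1 < mine.size
    KeyResp.new(mine[start, 1] || [], more, more ? (start + 1).to_s : nil)
  end
end

# Follow is_truncated/marker until the listing is complete (hypothetical helper).
def list_all(field, **args, &call)
  resp = call.(args.compact)
  return resp[field] unless resp.is_truncated
  resp[field] + list_all(field, **args, marker: resp.marker, &call)
end

def keys_for(iam, user_name = nil)
  list_all(:ssh_public_keys, user_name: user_name) { |a| iam.list_ssh_public_keys(**a) }
end

def all_account_keys(iam)
  list_all(:users) { |a| iam.list_users(**a) }.flat_map { |u| keys_for(iam, u.user_name) }
end

# Assumption: only Active keys count; 730 days is the figure in the linked issue title.
def stale_keys(keys, now, max_age_days = 730)
  keys.select { |k| k.status == 'Active' && now - k.upload_date > max_age_days * 86_400 }
end

# Constructed sample: the signing identity 'ci-runner' owns no keys itself.
NOW = Time.utc(2021, 11, 5)
IAM = FakeIam.new('ci-runner', [
  Key.new('alice', 'KEYID-ALICE-1', 'Active',   Time.utc(2019, 1, 1)),
  Key.new('alice', 'KEYID-ALICE-2', 'Active',   Time.utc(2021, 6, 1)),
  Key.new('bob',   'KEYID-BOB-1',   'Inactive', Time.utc(2018, 5, 1))
])
```

With this sample, `keys_for(IAM)` is empty even though the account holds three keys, which is the "no keys existing" result reported above.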

Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>
Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>
sonarcloud bot commented Nov 9, 2021

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

Coverage: no coverage information
Duplication: 0.0%

@soumyo13 soumyo13 merged commit 554b782 into main Nov 9, 2021
@soumyo13 soumyo13 deleted the soumyo/aws_iam_ssh_public_key branch November 9, 2021 01:50
Successfully merging this pull request may close these issues.

AWS IAM SSH Keys age rotated within 730 days for AWS CodeCommit